Page 19 of 116 results (0.015 seconds)

CVSS: 10.0EPSS: 0%CPEs: 59EXPL: 0

The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function. La funcionalidad TCP MSS (maximum segment size) en netinet permite a atacantes remotos causar una denegación de servicio (consumición de recursos) mediante un: MTU bajo, que causa que se produzcan un gran número de pequeños paquetes, o mediante un grán número de paquetes con contenido TCP pequeño, lo que hace que se hagan un gran número de llamadas a la función sowakeup, que consumen muchos recursos. • http://lists.freebsd.org/pipermail/cvs-src/2004-January/016271.html •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0

mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions. mksnap_ffs en FeeBSD 5.1 y 5.2 sólo establece el marcador (flag) de instantánea (snapshot) cuando crea una instantánea de un sistema de ficheros , lo que hace que se usen valores por defecto para otros marcadores, lo que posiblemente desabilite configuraciones de seguridad críticas y permita a un usuario local saltarse restricciones de acceso pretendidas. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc http://www.osvdb.org/3790 http://www.securityfocus.com/bid/9533 https://exchange.xforce.ibmcloud.com/vulnerabilities/15005 •

CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0

The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic. • http://secunia.com/advisories/8142 http://www.osvdb.org/19785 http://www.securityfocus.com/advisories/5013 http://www.securityfocus.com/bid/6920 https://exchange.xforce.ibmcloud.com/vulnerabilities/11397 •

CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 0

The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc http://secunia.com/advisories/9504 http://securitytracker.com/id?1007460 http://www.osvdb.org/2406 https://exchange.xforce.ibmcloud.com/vulnerabilities/12892 •

CVSS: 3.6EPSS: 0%CPEs: 43EXPL: 0

Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html http://secunia.com/advisories/7821 http://www.iss.net/security_center/static/10993.php http://www.pine.nl/press/pine-cert-20030101.txt http://www.securityfocus.com/archive/1/305308/30/26420/threaded http://www.securityfocus.com/bid/6524 http://www.securitytracker.co •